In its recent Open Internet Order (“Order”), the U.S. Federal Communications Commission (FCC) determined that broadband Internet access services are appropriately classified as common carrier “telecommunications services” under the Telecommunications Act of 1996. In doing so, the agency established itself as the primary U.S. data privacy and security regulator for those services and triggered additional requirements under the Act. It also promised a future rulemaking that could result in a sea change in how ISPs and their business partners interact with consumer data. Although the decision is widely expected to be appealed in court, organizations operating across the broadband ecosystem would be prudent to assess the potential impact on their current and planned online service portfolio. Continue Reading
With the September 2015 effective date of Russia’s Data Localization Law less than six months away, the Russian data protection authority, Roskomnadzor, has still not issued any formal guidance on how it interprets the law’s broad requirement that companies must process and store the personal data of Russian citizens within Russia. Roskomnadzor has, however, recently held a series of meetings with different industry groups about the law. While Roskomnadzor’s views as expressed in these meetings do not constitute a formal position, they provide insight into how the regulator is likely to interpret the law. Continue Reading
On March 16, the U.S. Commerce Department’s Internet Policy Task Force (IPTF) published a Request for Public Comment for input on the key cybersecurity issues affecting the digital ecosystem and digital economic growth. The IPTF aims to coordinate and facilitate consensus-based multistakeholder processes to generate collective guidance and identify best practices. Through this effort, the IPTF seeks to broaden the focus of federal cybersecurity efforts beyond securing critical infrastructure. A number of key cybersecurity challenges have been identified in the Request for Public Comment, and the IPTF is inviting commenters to highlight other topic areas that the IPTF should consider including as part of this process. Continue Reading
The UK and Canadian data protection regulators have written to webcam manufacturers to highlight concerns about the safety of internet-connected devices and to enlist their assistance in reducing the risks posed by their products. In particular, the regulators call for manufacturers to roll out privacy-friendly default settings, implement “privacy by design” – whereby data protection and privacy considerations are built into the design and manufacturing process – and provide increased guidance to consumers about ensuring the security of devices. Continue Reading
Security concerns and the need to increase cyber security measures have recently boosted the use of Bring Your Own Device (BYOD) policies in France. Recent events have exacerbated fears of data breaches and hacking for IT managers who were not overly concerned before. As a consequence, IT security teams are seeking to apply the same security and device management systems that apply to their own company’s equipment to employees’ devices when employees use their devices for work purposes. Continue Reading
The Intelligence and Security Committee (ISC) of the UK Parliament today published its much anticipated report on the secret capabilities of the UK intelligence and security agencies (MI6, MI5 and GCHQ), in particular their powers to intercept electronic communications and acquire communications data. Continue Reading
This week, the National Institute of Standards and Technology (NIST) released a preliminary discussion draft of its Framework for Cyber-Physical Systems. The draft has an ambitious goal: to create an integrated framework of standards that will form the blueprint for the creation of a massive interoperable network of cyber-physical systems (CPS), also known as the “Internet of Things.” In 2014, NIST established the cyber-physical systems public working group (CPS PWG)—an open public forum which includes representatives from government, industry, and academia—to develop the CPS framework. By creating a common framework at an early stage of the Internet of Things, the CPS PWG hopes to ensure the development of a secure, integrated, and interoperable ecosystem of connected devices. The CPS PWG will continue to solicit input as it refines the draft and works to finalize the framework for use in multiple industry sectors. Continue Reading
On March 4, the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) announced it is seeking comments on how to structure a new multistakeholder process to develop best practices for commercial and private unmanned aircraft systems (UAS) use. NTIA also announced that it will likely hold its first multistakeholder meeting within 90 days.
As we previously reported, the NTIA action follows the White House’s February 15 Presidential Memorandum directing NTIA to lead private sector groups toward the creation of commercial UAS standards. Companies will be free to choose whether to participate in any resulting code of conduct or standards. However, by an individual company so publicly committing, it might then become subject to Federal Trade Commission (FTC) enforcement if it then fails to do so. The FTC’s enforcement authority would be based on its jurisdiction to enforce an unfair or deceptive trade practice under Section 5 of the FTC Act, although FTC enforcement authority might not be the right approach for all entities in the UAS ecosystem, for example, UAS manufacturers or those involved in business-to-business UAS services. Continue Reading
This article was originally posted on March 4, 2015 to The Hill’s “Congress Blog.” To access the original posting, click here.
This week, two thousand members of the International Association of Privacy Professionals (IAPP), will gather in Washington, D.C. to discuss the most pressing privacy and data security issues of the day. One issue that has started to appear on the privacy agenda is privacy and the “connected car.” Continue Reading
The status of consumer data security law in the United States is at a crossroads. Last week, the White House released a discussion draft of its Consumer Privacy Bill of Rights Act of 2015, which would require businesses collecting personal information to maintain safeguards reasonably designed to ensure the security of that information. And yesterday, the Third Circuit held oral argument in FTC v. Wyndham Worldwide Corp., in which the district court last April denied Wyndham’s challenge to the Federal Trade Commission’s data security enforcement efforts. Continue Reading